We are always looking for ways to reduce friction for end users. Our job in IT is to empower users to get their work done with as few technological distractions as possible.
Many times Apple makes this harder due to features or functionality in macOS. One such example is Keyboard Setup Assistant (KSA) which automatically launches anytime a new input device is detected.
While this is very helpful for consumers who have purchased a new peripheral; in a corporate setting it can be an annoyance multiplied thousands of times over.
Read on for the details…
I got this idea from Fraser Hess who wrote a great technical deep dive with perfect timing. If you want to understand the why and how please start there, it is well worth reading.
Side note: I’m big fan of Fraser’s free app Particulars.
While Keyboard Setup Assistant is harmless and can be easily quit, by suppressing it entirely we avoid the need to include information about it in our YubiKey setup documentation.
It is also one less distraction users have to contend with and allows them to focus on the task at hand.
There are two scripts that make up the Munki NoPkg. The first is the
installcheck_script that evaluates if installation is needed:
#!/bin/sh # Check if the YubiKey identifier is in the known keyboards list installed=$(/usr/bin/defaults read /Library/Preferences/com.apple.keyboardtype.plist keyboardtype | /usr/bin/grep "1031-4176-0") # Evaluate if the installed command is empty or not if [ -z "$installed" ]; then # If "1031-4176-0" is not found, Exit 0 to trigger the postinstall_script echo "YubiKey ID needs to be added to the keyboard list." exit 0 else # If "1031-4176-0" is found, Exit 1 to skip the postinstall_script echo "YubiKey ID is already in the keyboard list." exit 1 fi
Second is the
postinstall_script that actually does the work if needed:
#!/bin/sh # Add the YubiKey identifier to the known keyboards list so Keyboard Setup Assistant won't launch /usr/bin/defaults write /Library/Preferences/com.apple.keyboardtype.plist keyboardtype -dict-add "1031-4176-0" -integer 40
I decided to skip creating an
uninstall_script because I couldn’t think of any reason we’d ever want to reverse this installation; but one could be added if needed.
The NoPkg should be set as a
managed_install in Munki manifests.
I have an example NoPkg available on GitHub which is ready to use and can be dropped right into your Munki repo with no changes.